package com.ruoyi.framework.web.exception;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ruoyi.common.exception.user.AntiReplayException;
import com.ruoyi.common.exception.user.OriginErrorException;
import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
import com.ruoyi.common.exception.user.UserPasswordRetryLimitExceedException;
import com.ruoyi.common.utils.MessageUtils;
import org.apache.catalina.filters.ExpiresFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.validation.BindException;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import com.ruoyi.common.constant.HttpStatus;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.exception.DemoModeException;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.StringUtils;

/**
 * 全局异常处理器
 *
 * @author ruoyi
 */
@RestControllerAdvice
public class GlobalExceptionHandler
{
    private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class);

    /**
     * 权限校验异常
     */
    @ExceptionHandler(AccessDeniedException.class)
    public AjaxResult handleAccessDeniedException(AccessDeniedException e, HttpServletRequest request, HttpServletResponse response)
    {
        String requestURI = request.getRequestURI();
        log.error("请求地址'{}',权限校验失败'{}'", requestURI, e.getMessage());
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error(HttpStatus.FORBIDDEN, "没有权限，请联系管理员授权");
    }
    @ExceptionHandler(UserPasswordRetryLimitExceedException.class)
    public Object AntiReplayException(UserPasswordRetryLimitExceedException e, HttpServletResponse response)
    {
        log.error(e.getMessage(), e);
        String message = "密码错误次数过多，请稍后尝试";
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error(message);
    }
    /**
     * 请求方式不支持
     */
    @ExceptionHandler(HttpRequestMethodNotSupportedException.class)
    public AjaxResult handleHttpRequestMethodNotSupported(HttpRequestMethodNotSupportedException e,
                                                          HttpServletRequest request, HttpServletResponse response)
    {
        String requestURI = request.getRequestURI();
        log.error("请求地址'{}',不支持'{}'请求", requestURI, e.getMethod());
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error("不支持该方法的访问请求");
    }

    /**
     * 业务异常
     */
    @ExceptionHandler(ServiceException.class)
    public AjaxResult handleServiceException(ServiceException e, HttpServletRequest request, HttpServletResponse response)
    {
        log.error(e.getMessage(), e);
        Integer code = e.getCode();
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return StringUtils.isNotNull(code) ? AjaxResult.error(code, "业务异常") : AjaxResult.error("业务异常");
    }

    /**
     * 拦截未知的运行时异常
     */
    @ExceptionHandler(RuntimeException.class)
    public AjaxResult handleRuntimeException(RuntimeException e, HttpServletRequest request, HttpServletResponse response)
    {
        String requestURI = request.getRequestURI();
        log.error("请求地址'{}',发生未知异常.", requestURI, e);
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error("发生未知异常");
    }

    /**
     * 系统异常
     */
    @ExceptionHandler(Exception.class)
    public AjaxResult handleException(Exception e, HttpServletRequest request, HttpServletResponse response)
    {
        String requestURI = request.getRequestURI();
        log.error("请求地址'{}',发生系统异常.", requestURI, e);
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error("系统异常");
    }

    /**
     * 自定义验证异常
     */
    @ExceptionHandler(OriginErrorException.class)
    public AjaxResult OriginErrorExceptionException(OriginErrorException e, HttpServletResponse response)
    {
        log.error(e.getMessage(), e);
        String message = e.getMessage();
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error(message);
    }

    /**
     * orgin验证异常  orgin
     */
    @ExceptionHandler(BindException.class)
    public AjaxResult handleBindException(BindException e, HttpServletResponse response)
    {
        log.error(e.getMessage(), e);
        String message = e.getAllErrors().get(0).getDefaultMessage();
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error(message);
    }

    /**
     * 自定义验证异常
     */
    @ExceptionHandler(MethodArgumentNotValidException.class)
    public Object handleMethodArgumentNotValidException(MethodArgumentNotValidException e, HttpServletResponse response)
    {
        log.error(e.getMessage(), e);
        String message = e.getBindingResult().getFieldError().getDefaultMessage();
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error(message);
    }

    /**
     * 自定义验证异常
     */
    @ExceptionHandler(UserPasswordNotMatchException.class)
    public Object UserPasswordNotMatchException(UserPasswordNotMatchException e, HttpServletResponse response)
    {
        log.error(e.getMessage(), e);
        String message = MessageUtils.message("user.password.not.match");
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error(message);
    }

    /**
     * 重放问一场
     */
    @ExceptionHandler(AntiReplayException.class)
    public Object AntiReplayException(AntiReplayException e, HttpServletResponse response)
    {
        log.error(e.getMessage(), e);
        String message = MessageUtils.message("role.anti.replay");
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error(message);
    }



    /**
     * 演示模式异常
     */
    @ExceptionHandler(DemoModeException.class)
    public AjaxResult handleDemoModeException(DemoModeException e, HttpServletResponse response)
    {
        //response.setStatus(301);
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com");
//
//
        response.setHeader("x-content-type-options","nosniff");
        //response.setHeader("x-frame-options","DENY");
        response.setHeader("x-xss-protection","1; mode=block");
        return AjaxResult.error("演示模式，不允许操作");
    }
}
